I am getting a constant error in Freebsd 4.0 with Natd .. goes like this:

natd[88]: failed to write packet back (host is down) . Static IP address and only happens when connected to the isp, change the IP address and run it locally as a gateway, no errors? Ran a packet trace and found nothing. Please help! I am on a cable modem...shut down all local machines on the lan and still got the problem. mesg n works well, but does not solve the issue:) If I unplug from the cable modem, I do not get the error. I disabled all services that may need a connection. Arp -a shows one (incomplete) [ethernet] error on a broadcast address. My ISP blocks me from that address anyway...I am x.x.31.x/21 and I cannot talk to x.x.30.x/21 or x.x.29.x/21 for security reasons and the incomplete is on x.x.29.255. I would appreciate any help...yes, I have tried ipnat and IPF, but could not ping to the world from a workstation. That is a convenience that I would like to have.

I'm sorry this is not helpful, but I see this problem so many times and I've never had an explanation for it. I hate to say it, but this is one of the reasons why I stick with ipf/ipnat. I've never had trouble setting that combintation up. Perhaps it's luck or just my experience with it.

If you couldn't ping the world from a workstation, it's your firewall rules. I can do. If you still want to give ipf a try, set it back up and I post the firewall rules dealing with icmp.

Thanks for replying! When I had IPF running, I set my ipf.rules to pass in all pass out all. I thought that would let me do anything. If not, please post the ICMP rules that will let me ping from my workstations to the world. I would really appreciate it!

I was browsing everywhere and going all over the place. All that I could not do is ping from my workstations to the world...I could browse and everything else. A tracert would get to my IPNAT machine and trace no farther. Other than that, it was great! I followed the same link before I set it up and found it rather easy to get going...I was running IPF 3.4.6...perhaps it is that version that is the problem

OK. If you had no firewall rules, and everything worked expect PING, I suggest giving it another try. Provide full details of your setup including IP addresses and interface names and show the firewall rules and nat rules to the ipfilter mailing list.

I think you'll find that ipf and ipnat will provide much less stress. Just remember: ipf is last match, not first match. And use those rule groups. It'll make things easier. With rule groups, your rules become a tree, not a linear list. With very large rule sets, this has much greater potential for speed.